Pluggable Authentication Modules

Dag-ErlingSmÃ¸rgrav

This article describes the underlying principles and
mechanisms of the Pluggable Authentication Modules (PAM)
library, and explains how to configure PAM, how to integrate
PAM into applications, and how to write PAM modules.

1.Â Introduction

The Pluggable Authentication Modules (PAM) library is a
generalized API for authentication-related services which allows
a system administrator to add new authentication methods simply
by installing new PAM modules, and to modify authentication
policies by editing configuration files.

PAM was defined and developed in 1995 by Vipin Samar and
Charlie Lai of Sun Microsystems, and has not changed much since.
In 1997, the Open Group published the X/Open Single Sign-on
(XSSO) preliminary specification, which standardized the PAM API
and added extensions for single (or rather integrated) sign-on.
At the time of this writing, this specification has not yet been
adopted as a standard.

Although this article focuses primarily on FreeBSD 5.x,
which uses OpenPAM, it should be equally applicable to FreeBSD
4.x, which uses Linux-PAM, and other operating systems such as
Linux and Solaris™.